Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-3977: Link Following in IBM Vios

CWE-59: Link Following | 4 documents | 4 sources
Severity: 6.9 MEDIUM (NVD)
EPSS: 0.2% (top 59.88%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jun 8
Latest update: May 13

Description

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C
Exploitability: 3.4 | Impact: 10.0

Affected Packages (2 packages)

NVD: ibm/vios, 16 versions (+15)
NVD: ibm/aix, 6.1, 7.1 (+1)

🔴 Vulnerability Details (2)

GHSA: GHSA-gpv2-xxvx-f68g: libodm (2022-05-13)
CVEList: CVE-2014-3977: libodm (2014-06-08)

💥 Exploits & PoCs (1)

Exploit-DB: IBM AIX 6.1.8 - 'libodm' Arbitrary File Write (2014-06-12)
CVE-2014-3977 — Link Following in IBM Vios | cvebase